CVE-2020-8422

Published: Jan 31, 2020

Modified: May 30, 2025

PUBLISHED

CVSS v3.0

4.3

MEDIUM

Description

An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N

Attack Complexity

Low

Attack Vector

Network

Availability

None

Confidentiality

Low

Integrity

None

Privileges Required

Low

Scope

Unchanged

User Interaction

None

References

https://excellium-services.com/cert-xlm-advisory/CVE-2020-8422

https://excellium-services.com/cert-xlm-advisory/cve-2020-8422/

https://cds.thalesgroup.com/en/tcs-cert/CVE-2020-8422

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8422

Description

Affected Products

CVSS v3.0 Details

References